Gen AI Security & DevSecOps Engineer

National Basketball Association (NBA)Secaucus, NJ
$145,000 - $165,000Remote

About The Position

As a Senior Manager in League Office CyberSecurity department, the Gen AI Security & DevSecOps Engineer builds and operates the security infrastructure, automation, and governance that keep the NBA's software delivery and AI adoption secure. The role spans three domains: DevSecOps (securing the CI/CD pipelines and software development lifecycle that ship NBA applications), Gen AI Security (securing the organization's growing use of Generative AI, agents, and AI developer tools), and Cloud Security (securing the cloud, Kubernetes, and secrets posture that those applications run on). This is a hands-on engineering role: the candidate designs DevOps processes, administers and builds security tooling across the software development lifecycle, embeds security testing and policy enforcement into the pipeline, and owns security review and runtime controls for AI.

Requirements

  • Bachelor's degree in a technical discipline (or equivalent work experience).
  • Minimum of seven years in IT (a minimum of five years in information security).
  • Hands-on experience administering and integrating modern security tooling across the DevSecOps toolset, including SAST, SCA, DAST, container, IaC, and secrets scanning.
  • Hands-on experience designing and securing CI/CD pipelines on modern CI/CD platforms.
  • Strong programming and scripting ability, with the ability to build integrations, automation, and tooling against platform APIs.
  • Solid hands-on implementation of cloud security across at least one major cloud provider, including identity and access management, secrets management, network security, and posture management, guided by frameworks such as CIS Benchmarks, Cloud Security Alliance, and the NIST SP 800-53 and 800-190/800-204 series.
  • Working knowledge of Kubernetes and container security, including RBAC, admission control, namespace isolation, network policies, and Pod Security Standards.
  • Understanding of governance applied to cloud and AI computing in terms of risk, exposure, impact, and policy; experience writing architectural plans, standards, and guidelines for enterprise platforms.
  • One or more industry security certifications, such as GIAC (GCSA), a cloud security certification (CCSP, CCSK, or a cloud provider security certification), or an application or offensive certification (CEH, OSCP, or CySA+).

Nice To Haves

  • Familiarity with AI and LLM security frameworks (OWASP Top 10 for LLM Applications, OWASP Top 10 for Agentic Applications, NIST AI RMF, MITRE ATLAS) and the controls that mitigate Generative AI risks such as prompt injection, sensitive data disclosure, and excessive agency.

Responsibilities

  • Secure CI/CD pipelines at scale across the organization's CI/CD platforms with standardized security templates and automated policy enforcement, embedding static analysis (SAST), software composition analysis (SCA), container, infrastructure as code (IaC), and secrets scanning, with break build enforcement on critical and high severity findings.
  • Administer the enterprise SAST and SCA platform (scan engine infrastructure, query tuning, severity calibration, finding triage) and maintain the exploitability knowledge base that distinguishes true positives from false positives to keep security fast and low friction.
  • Build automated compliance tooling that detects required scans, validates pipeline configuration, and flags coverage gaps; audit pipeline posture across platforms and drive remediation directly with engineering teams.
  • Support secure SDLC practices and security gates (SAST, SCA, container, IaC, DAST), threat modeling, SBOM generation, and dependency verification; coordinate with the DAST and penetration testing functions and act on bug bounty findings.
  • Design and build the enterprise security operations platform and the automation that orchestrates DevSecOps workflows (scan state changes, triage, exemptions, intake, notifications), including AI-assisted vulnerability triage with appropriate guardrails, audit trails, and human oversight.
  • Define and report security risk metrics, lead security audits and assessments, conduct supply chain and CVE incident response across the estate, and mentor junior team members.
  • Lead security reviews of Generative AI applications, agentic workflows, and AI developer tools submitted through the enterprise AI intake process, assessing against OWASP Top 10 for LLM Applications, OWASP Top 10 for Agentic Applications, NIST AI RMF, MITRE ATLAS, and NBA Gen AI security policy and standards.
  • Author and maintain NBA Generative AI security policy and standards, including controls for AI data protection, model and prompt security, agentic AI, MCP (Model Context Protocol) integration, and AI developer tooling.
  • Evaluate and onboard Gen AI security tooling such as runtime guardrails, AI red teaming, browser and DLP controls, and MCP governance, and design and operate runtime AI security controls integrated into application pipelines and runtime.
  • Govern enterprise security over AI developer tooling and the MCP server approval workflow, and partner with the Enterprise Gen AI, Cloud Infrastructure, GRC, Legal, and Privacy functions to align AI security controls with broader AI governance.
  • Administer and operate the enterprise cloud security platform across a large multi-cloud estate (cloud posture, container, and IaC scanning); detect, prioritize, and drive remediation of misconfigurations and vulnerabilities against defined SLAs with infrastructure and application teams.
  • Own cloud security scanning policy configuration and service account governance (scope, least privilege, credential rotation), lead platform lifecycle work, and perform technical security configuration assessments of cloud platforms.
  • Own the Kubernetes security posture across a large cluster footprint, including admission control, RBAC, namespace isolation, network policies, and Pod Security Standards, and execute admission controller enforcement programs that move policies from audit to block in staged, owner-communicated rollouts with exception and rollback processes.
  • Design and operate automated credential rotation across cloud identity and key management services (cross-account role assumption, grace periods, owner notifications) and lead the initiative to eliminate static access keys in favor of OAuth 2.0, OIDC, and role-based authentication.
  • Manage the secrets lifecycle across cloud and pipeline secret stores with detection, alerting, and automated rotation, and build reporting that surfaces aging and non-compliant secrets.

Benefits

  • medical
  • dental
  • vision
  • life/AD&D insurance
  • short- and long-term disability
  • fertility and family-forming assistance
  • wellbeing allowance
  • educational assistance
  • mental health coaching/therapy
  • tax advantaged accounts such as HSA and healthcare/dependent care FSAs
  • a 401(k) retirement plan
  • time off benefits that include vacation, sick time, and personal days
  • annual discretionary performance bonus
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service